show warning page

android/app/src/main/kotlin/com/yubico/authenticator/MainActivity.kt

@@ -40,6 +40,7 @@ import androidx.core.view.WindowCompat
 import androidx.lifecycle.lifecycleScope
 import com.google.android.material.color.DynamicColors
 import com.yubico.authenticator.device.DeviceManager
+import com.yubico.authenticator.device.noScp11bNfcSupport
 import com.yubico.authenticator.fido.FidoManager
 import com.yubico.authenticator.fido.FidoViewModel
 import com.yubico.authenticator.logging.FlutterLog
@@ -69,7 +70,9 @@ import kotlinx.coroutines.launch
 import org.json.JSONObject
 import org.slf4j.LoggerFactory
 import java.io.Closeable
+import java.security.NoSuchAlgorithmException
 import java.util.concurrent.Executors
+import javax.crypto.Mac
 
 class MainActivity : FlutterFragmentActivity() {
     private val viewModel: MainViewModel by viewModels()
@@ -282,9 +285,9 @@ class MainActivity : FlutterFragmentActivity() {
 
     private suspend fun processYubiKey(device: YubiKeyDevice) {
         val deviceInfo = getDeviceInfo(device)
-        deviceManager.setDeviceInfo(deviceInfo)
 
         if (deviceInfo == null) {
+            deviceManager.setDeviceInfo(null)
             return
         }
 
@@ -307,6 +310,13 @@ class MainActivity : FlutterFragmentActivity() {
                 }
         }
 
+        // this YubiKey provides SCP11b key but the phone cannot perform AESCMAC
+        if (deviceManager.scpKeyParams != null && !supportsScp11b) {
+            deviceManager.setDeviceInfo(noScp11bNfcSupport)
+            return
+        }
+
+        deviceManager.setDeviceInfo(deviceInfo)
         val supportedContexts = DeviceManager.getSupportedContexts(deviceInfo)
         logger.debug("Connected key supports: {}", supportedContexts)
         if (!supportedContexts.contains(viewModel.appContext.value)) {
@@ -432,6 +442,12 @@ class MainActivity : FlutterFragmentActivity() {
     companion object {
         const val YUBICO_VENDOR_ID = 4176
         const val FLAG_SECURE = WindowManager.LayoutParams.FLAG_SECURE
+        val supportsScp11b = try {
+            Mac.getInstance("AESCMAC");
+            true
+        } catch (_: NoSuchAlgorithmException) {
+            false
+        }
     }
 
     /** We observed that some devices (Pixel 2, OnePlus 6) automatically end NFC discovery

android/app/src/main/kotlin/com/yubico/authenticator/device/UnknownDevice.kt

@@ -77,4 +77,10 @@ fun restrictedNfcDeviceInfo(transport: Transport) : Info {
         isNfc = true,
         name = "restricted-nfc"
     )
-}
+}
+
+// the YubiKey requires SCP11b communication but the phone cannot handle it
+val noScp11bNfcSupport = UnknownDevice.copy(
+    isNfc = true,
+    name = "no-scp11b-nfc-support"
+)

lib/android/state.dart

@@ -159,7 +159,9 @@ class AndroidAttachedDevicesNotifier extends AttachedDevicesNotifier {
 
 final androidDeviceDataProvider = Provider<AsyncValue<YubiKeyData>>((ref) {
   return ref.watch(androidYubikeyProvider).when(data: (d) {
-    if (d.name == 'restricted-nfc' || d.name == 'unknown-device') {
+    if (d.name == 'restricted-nfc' ||
+        d.name == 'unknown-device' ||
+        d.name == 'no-scp11b-nfc-support') {
       return AsyncError(d.name, StackTrace.current);
     }
     return AsyncData(d);

lib/app/views/device_error_screen.dart

@@ -89,6 +89,16 @@ class DeviceErrorScreen extends ConsumerWidget {
             message: l10n.p_deactivate_restricted_nfc_desc,
             footnote: l10n.p_deactivate_restricted_nfc_footer,
           ),
+        'no-scp11b-nfc-support' => HomeMessagePage(
+            centered: true,
+            graphic: Icon(
+              Symbols.contactless,
+              size: 96,
+              color: Theme.of(context).colorScheme.tertiary,
+            ),
+            header: l10n.l_scp11b_nfc_technology_missing,
+            message: l10n.p_scp11b_missing_support_desc,
+          ),
         _ => HomeMessagePage(
             centered: true,
             graphic: Image.asset(

lib/l10n/app_de.arb

@@ -236,6 +236,8 @@
     "s_unsupported_yk": "Nicht unterstützter YubiKey",
     "s_yk_not_recognized": "Geräte nicht erkannt",
     "p_operation_failed_try_again": "Die Aktion ist fehlgeschlagen, bitte versuchen Sie es erneut.",
+    "l_scp11b_nfc_technology_missing": null,
+    "p_scp11b_missing_support_desc": null,
 
     "@_general_errors": {},
     "l_error_occurred": "Es ist ein Fehler aufgetreten",

lib/l10n/app_en.arb

@@ -236,6 +236,8 @@
     "s_unsupported_yk": "Unsupported YubiKey",
     "s_yk_not_recognized": "Device not recognized",
     "p_operation_failed_try_again": "The operation failed, please try again.",
+    "l_scp11b_nfc_technology_missing": "Configuration not supported",
+    "p_scp11b_missing_support_desc": "To communicate over NFC, the YubiKey requires technology which is not supported by this phone. Please plug the YubiKey to the phone's USB port.",
 
     "@_general_errors": {},
     "l_error_occurred": "An error has occurred",

lib/l10n/app_fr.arb

@@ -236,6 +236,8 @@
     "s_unsupported_yk": "YubiKey non prise en charge",
     "s_yk_not_recognized": "Appareil non reconnu",
     "p_operation_failed_try_again": "L'opération a échoué, veuillez réessayer.",
+    "l_scp11b_nfc_technology_missing": null,
+    "p_scp11b_missing_support_desc": null,
 
     "@_general_errors": {},
     "l_error_occurred": "Une erreur s'est produite",

lib/l10n/app_ja.arb

@@ -236,6 +236,8 @@
     "s_unsupported_yk": "サポートされていないYubiKey",
     "s_yk_not_recognized": "デバイスが認識されません",
     "p_operation_failed_try_again": "操作に失敗しました。もう一度やり直してください。",
+    "l_scp11b_nfc_technology_missing": null,
+    "p_scp11b_missing_support_desc": null,
 
     "@_general_errors": {},
     "l_error_occurred": "エラーが発生しました",

lib/l10n/app_pl.arb

@@ -236,6 +236,8 @@
     "s_unsupported_yk": "Nieobsługiwany klucz YubiKey",
     "s_yk_not_recognized": "Urządzenie nie rozpoznane",
     "p_operation_failed_try_again": null,
+    "l_scp11b_nfc_technology_missing": null,
+    "p_scp11b_missing_support_desc": null,
 
     "@_general_errors": {},
     "l_error_occurred": "Wystąpił błąd",